The IPv6 Internet is like the dark matter, completely invisible to the most widely used IPv4 Internet. One solution to access the IPv6 Internet from an IPv4 connection is to use a tunnel broker. A tunnel broker acts as a middle point between IPv4 and IPv6. There are several IPv6 tunnel broker services available, one of the most populars is Hurricane Electric.

When signing up in a tunnel broker service such as HE, you’re given a Client IPv6, a Server IPv6 and a Server IPv4. While signing up for the service, you’ll need to provide your Client IPv4 public address. It’s possible to consult this address at In my case, HE service complained that the address was not pingable. I had to enter my local router and disable the option WAN Blocking as when is activate it prevents the host to pingable from other hosts.

The informaton provided by HE will be enough to setup an IPv6-in-IPv4 tunnel in your host. Your outgoing IPv6 packets will be piped through this tunnel, reaching HE’s server which will decapsulate packets, forwarding them to its destination in the IPv6 Internet. Likely, the inverse process takes place on incoming packets.

While signing up at HE, the service provides a script for setting up the IPv6-in-IPv4 tunnel making the overall setup very easy. This is how the script looks like for Linux.

1modprobe ipv6
2ip tunnel add he-ipv6 mode sit local <Client-IPv4> remote <Server-IPv4> ttl 255
3ip link set he-ipv6 up
4ip addr add <Client-IPv6> dev he-ipv6
5ip route add ::/0 dev he-ipv6
6ip -f inet6 addr
  • Line 2 creates a SIT tunnel called he-ipv6. A SIT tunnel is nothing but an IPv4-in-IPv6 tunnel. The tunnel creates an end-to-end connection from Client-IPv4 (our client IPv4 address) and Server-IPv4 (HE’s IPv4 address).
  • Line 4 assigns address to the tunnel.
  • Line 5 routes all IPv6 packets in our host through the tunnel.

Notice that if you’re behind a router, which is the most likely case, your Client-IPv4 address will be actually a private address. That’s actually the address you should use as Client-IPv4, and not your public IPv4 address. I mention that because it’s a common pitfall when tweaking this script.

Once the setup is done try pinging to check it works.

$ ping6
PING 56 data bytes
64 bytes from icmp_seq=1 ttl=57 time=97.3 ms